Chief Information Security Officer Technology Risk & Cybersecurity Director

Chief Information Security Officer Technology Risk & Cybersecurity Director

Santander is looking for a Chief Information Security Officer (CISO) for SCIB, based in our Boadilla del Monte (Madrid, Spain) office.

WHY YOU SHOULD CONSIDER THIS OPPORTUNITY

At Santander, we push the boundaries and create innovative, customer-centric tech solutions. We collaborate to provide these world-class technical solutions by adopting Agile across our business as we digitally transform our platforms and services to create the bank of the future.

Cybersecurity is one of the Santander Group's main priorities and a crucial element to make Santander a cyber-resilient organization that can withstand, detect, and rapidly react to cyberattacks while constantly evolving and improving our defenses. The protection of systems, information, and customers is a priority for the Group.

If you share our passion for technology and are up for the challenge, come join us!

WHAT YOU WILL BE DOING

The CISO of SCIB will be responsible for implementing and running the Santander Global Information Security program to ensure that SCIB's information assets and associated technology, applications, platforms, systems, infrastructure, and processes are adequately protected in the digital ecosystem. This will involve identifying, evaluating, and reporting on legal and regulatory, IT, and cybersecurity risks to information assets while supporting and advancing business objectives.

The CISO position requires a visionary leader with sound knowledge of business management, deep knowledge and/or previous experience within investment banking environments, and a strong understanding of regulatory requirements. The CISO must be knowledgeable about both internal and external business environments and ensure that information systems are maintained in a fully functional and secure mode and are compliant with legal, regulatory, and contractual obligations.

Tasks and Responsibilities

• Set and supervise the correct implementation of SCIB's cyber security strategy in line with Santander Group’s Cyber Security Corporate Framework and Strategy, SCIB regulatory requirements, and business needs.
• Lead the information security function across SCIB to ensure consistent and high-quality information security management in support of business goals.
• Determine the information security approach and operating model in consultation with stakeholders and aligned with the risk management approach and compliance monitoring.
• Manage the budget for the information security function, monitoring and reporting.
• Functional management of the local CISOs in SCIB Branches.

Implement the Strategy

• Implement the information security vision and strategy that is aligned to organizational priorities and enables the organization's business objectives.
• Support and enable adoption of Santander global defenses across SCIB's systems and information.
• Implement and monitor a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy, and recovery of information assets.
• Assist with the identification of non-IT managed IT services in use and facilitate a corporate IT onboarding program.
• Work effectively with business units to facilitate information security risk assessment and risk management processes.

Build the Network and Communicate the Vision

• Create necessary internal networks among the information security team and line-of-business executives, corporate compliance, audit, physical security, legal, and HR management teams.

Operate the Function

• Drive implementation of Santander Group’s cyber security minimum requirements, policies, and regulatory requirements in SCIB.
• Implement a risk-based process for the assessment and mitigation of any information security risk in the ecosystem.
• Work with the compliance area to ensure that all information owned, collected, or controlled by the company is processed and stored in accordance with applicable laws.
• Collaborate with the data privacy officer to ensure that data privacy requirements are included where applicable.
• Facilitate processes for information security risk and for legal and regulatory assessments.
• Ensure that security is embedded in the project delivery process.
• Oversee technology dependencies outside of direct organizational control.
• Manage and contain information security incidents and events.
• Monitor the external threat environment for emerging threats.
• Develop and oversee effective disaster recovery policies and standards.
• Coordinate the development of implementation of incident response plans and procedures.
• Facilitate and support the development of asset inventories.

Establish Governance and Build Knowledge

• Provide regular reporting on the current status of the information security program to enterprise risk teams and senior business leaders.
• Develop, socialize, and coordinate implementation of security policies.
• Understand and interact with related disciplines to ensure consistent application of policies and standards.
• Provide clear risk mitigating directives for projects with components in IT.
• Lead the security champion program to mobilize employees of the Entity.

Requirements

Education, Training and Previous Experience

• Demonstrated experience and success in senior leadership roles in risk management, information security, and IT or OT Security.
• Degree in business administration or a technology-related field such as science or engineering.

Desired, but not required:

• Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or similar credentials.
• Experience executing programs that meet the objectives of excellence in a dynamic business environment.

Technical and Business Experience

• Knowledge of relevant legal and regulatory requirements regarding Cybersecurity.
• Knowledge of common information security management frameworks, such as ISO / IEC 27001, ITIL, COBIT, and NIST.
• Sound knowledge of business management and a working knowledge of information security risk management and cybersecurity technologies.
• Up-to-date knowledge of methodologies and trends in both business and IT.

Knowledge and Skills

• Excellent written and verbal communication skills, interpersonal and collaborative skills.
• Strategic leader and builder of both vision and bridges.
• Ability to lead and motivate the information security team.
• Excellent analytical skills and the ability to manage multiple projects under strict timelines.
• Project management skills: financial/budget management, scheduling, and resource management.
• A master of influencing decisions.

Personal Characteristics

• Poise and ability to act calmly and competently in high-pressure situations.
• High degree of initiative, dependability, and ability to work with little supervision.
• High level of personal integrity and ability to handle confidential matters.
• Good judgment, a sense of urgency, and commitment to high standards of ethics.
• A critical thinker with strong problem-solving skills.
• Self-motivated with a high sense of urgency and personal integrity.

OTHER INFORMATION

Our team members come from diverse backgrounds, including banks, tech companies, trade companies, start-ups, and consulting firms. We believe in the power of diversity.

Would you like to grow with us? Join our team!